Security researchers have uncovered a network of infected Linux computers that's flooding gaming and education sites with as much as 150 gigabits per second of malicious traffic—enough in some cases to take the targets completely offline.
The XOR DDoS or Xor.DDoS botnet, as the distributed denial-of-service network has been dubbed, targets as many as 20 sites each day, according to an advisory published Tuesday by content delivery network Akamai Technologies. About 90 percent of the targets are located in Asia. In some cases, the IP address of the participating bot is spoofed in a way that makes the compromised machines appear to be part of the network being targeted. That technique can make it harder for defenders to stop the attack.
"In short: Xor.DDoS is a multi-platform, polymorphic malware for Linux OS, and its ultimate goal is to DDoS other machines," a separate writeup on the botnet explained. "The name Xor.DDoS stems from the heavy usage of XOR encryption in both malware and network communication to the C&Cs (command and control servers)."
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself. Akamai's advisory has intrusion-prevention-system signatures for detecting infections and instructions for removing the malware.
"Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch huge DDoS attacks," Stuart Scholly, senior vice president and general manager of Akamai's Security Business Unit, said in a statement. "XOR DDoS is an example of attackers switching focus and building botnets using compromised Linux systems to launch DDoS attacks. This happens much more frequently now than in the past, when Windows machines were the primary targets for DDoS malware."
(Score: 1, Touché) by Anonymous Coward on Wednesday September 30 2015, @06:48AM
Secure by Default. Zero remote holes in the default install.
More secure than OpenBSD by their own silly measurement.
;)
(Score: 2) by Hyperturtle on Wednesday September 30 2015, @06:09PM
You can install windows 10 from an ISO image as I did, with no NIC.
It's... secure, sure. but it is not nearly as useful as DOS was, because the later versions of DOS at least had some help menus for many of the programs included relating to the management of DOS that were actually stored locally on disk. Not so with Windows 10.
It also did not try to sell you things directly, aside perhaps from including the most basic defrag or memory management programs after complaints that these were needed, but they couldn't compete directly with people that sold products that did those things well, etc.
Most of that mindset is long gone.
At least with DOS, the PC often came with a means of loading in software in fashion not considered to be a hacker activity, as "side-loading" applications is often viewed as today.